Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-4701: Royal Elementor Addons <= 1.3.59

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the ‘wpr_activate_required_plugins’ AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7’, 'media-library-assistant’, or ‘woocommerce’ plugins if they are installed on the site.

CVE
#vulnerability#wordpress#auth

Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation

This record contains material that is subject to copyright

License: CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE’s copyright designation and this license in any such copy. Read more.

Copyright 1999-2023 The MITRE Corporation

Have information to add, or spot any errors? Contact us at [email protected] so we can make any appropriate adjustments.

Related news

WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls

WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, cross site scripting vulnerabilities.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907